<?php
    /**
    * Invoice save
    */
    if (!defined('EXPONENT')) exit('');
    if (exponent_users_isAdmin() ||  exponent_permissions_check(array("administrate","upload"),exponent_core_makeLocation("profilemodule","_syscore","")))
    {
        $invoices=null;
        if (isset($_REQUEST['invoices_id']))
        {
            $invoices=$db->selectObject('profilemodule_invoices','id='.intval($_REQUEST['invoices_id']));
        }
        
        $invoices->name = $_REQUEST['invoices_name'];
        if (!isset($invoices->id))
        {
            $invoices->create_by = $user->firstname." ".$user->lastname."(".$user->username.")";
            $invoices->user_id = $_REQUEST['user_id'];
            $invoices->post_date = time();
        }
        $invoices->pdf_file =  ($_REQUEST['pdf_file']);
        $invoices->img_file =  ($_REQUEST['img_file']);

        if (isset($invoices->id)) {
            $db->updateObject($invoices,'profilemodule_invoices');
        } else 
        {
            $invoices->id = $db->insertObject($invoices,'profilemodule_invoices');
        }
        echo "OK";
    }
    else
        exponent_http_error(403);

?>
